India to force VPN companies to hand over user data

VPN graphic
(Image credit: Shutterstock)

Using your favorite VPN in India may soon be impossible thanks to new regulations that will require VPN providers to collect and store a wide range of data on their customers for a period of five years.

As reported by ENTRACKR, the Computer Emergency Response Team (CERT-in) which is under the control of the country’s Ministry of Electronics and Information Technology has issued a new set of directions in an effort to “coordinate response activities as well as emergency measures with respect to cyber security incidents.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

VPN providers aren’t the only companies that will be required to store customer data though as the directions also apply to data centers, cryptocurrency exchanges and Virtual Private Server (VPS) providers as well.

Beginning in June of this year, companies in these industries will be required to register customer names, customer ownership patterns, customer contact information and the reason they have purchased their services in the first place.

Improving cyber incident response at a cost

CERT-in’s new order appears to be aimed at ensuring the government agency can respond to all manner of cyber incidents within six hours of their discovery. While the order itself may be well-intentioned, the range of data CERT-in is asking organizations to store and provide upon request is quite unusual.

CERT-in requires organizations to report data breaches, fake mobile apps, attacks on server infrastructure and even unauthorized access to a user’s social media accounts. Additionally, businesses that fail to provide the necessary information are governed by Section 70B(7) of the IT Act which could lead to up to one year in prison.

Another snag in the Indian government’s plan is that most VPNs have a ‘no-logs policy’ or at the very least, only keep user data temporarily. As a result of CERT-in’s new directions, many VPN providers and other IT companies could potentially stop doing business in India as they can no longer legally operate in the country.

The new directions will go into effect at the end of June unless the window for compliance is extended which very well could be the case. Until then though, consumers and businesses in the country should pick up one of the best India VPNs while they still can.

Via ENTRACKR

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Laptop with binary computer code and India flag on the screen
VPNs are disappearing from India's app stores – and a 2022 law may be the culprit
A logo of the Pakistan Telecommunication Authority (PTA) is seen on its headquarters building in Islamabad on August 16, 2024.
Pakistan's quest to regulate VPN usage is still up and running
VPN
7 VPN predictions to look out for in 2025
VPN logo on a smartphone on a Pakistan's flag background
Pakistan telecom authority blames VPN usage for slow internet speeds
Myanmar flag
Myanmar enforces new cybersecurity law – and VPN usage is the main target
VPN logo on a smartphone on a Pakistan's flag background
Pakistan can block VPNs but "we won't do it", says the country's telecom chief
Latest in VPN Privacy & Security
Tor
What is Onion over VPN?
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
PrivadoVPN running on an iPhone during TechRadar's VPN tests
Why PrivadoVPN Free is still the best free VPN for streaming
Homepage of CloudFlare website on the display of PC, url - CloudFlare.com.
"Network blocking is never going to be the solution" – Cloudflare slams anti-piracy tactics
Panels at RightsCon 2025 during a press briefing about the latest Access Now report of internet shutdowns
2024 was the worst year on record for internet freedoms – again
Vector illustration of the word Censored in a glitch distorted style
Google, Apple, and internet restriction – how Big Tech is making censorship "much worse" according to experts
Latest in News
UK Prime Minister Sir Kier Starmer
UK PM says AI should soon replace civil servants
Eight Samsung TVs mounted to the wall showing different basketball games
Samsung is offering you 8 new TVs in one bundle for March Madness, in case you want to watch all games at once like a Bond villain’s lair
The Steam Logo on a mobile phone in front of a wall of games.
Today’s Steam Spring Sale features my absolute favorite game of all time - here's when the sale starts and all the key info
Apple iPhone 16 Pro Max REVIEW
The latest iPhone 17 Pro Max leak may have given us another look at its upcoming redesign
Half-Life running on a smartwatch
This Redditor installed a game engine on their smartwatch, and now it runs Doom, Quake, and Half-Life
Samsung Galaxy Z Fold 6
The Samsung Galaxy Z Fold 7 could be in line for a Galaxy S25 Ultra-level camera upgrade